Group test: which web browser is most secure?

Chrome, Firefox, Safari, Opera and IE tested

By Roger A Grimes | 07 February 09

All of the most popular browsers such as Chrome, Firefox, Internet Explorer, have different security advantages and shortcomings. We've put them through rigorous tests, to find out which is best for you.

The most secure browser

Which of the browsers tested can claim to be the most secure? Here's the big shocker: none of the fully patched browsers allowed silent infections or exploitation beyond simple DoS attacks. All of the browsers stopped the latest malicious attacks available on the internet.

Occasional zero-day attacks could silently infect a particular browser during a particular period of time, but all of the browsers have this same risk, and all of the browser vendors in this review are fairly consistent in patching significant problems in a timely manner.

Hence, the overall conclusion of this review is that any fully patched browser can be used relatively safely. You can change browsers, but your risk is the same with all of them - nearly zero - if your browser, OS, and all add-ons and plug-ins are fully patched.

However, if I pretended to be an end-user tricked into running a malicious executable (such as a fake anti-virus program), each browser allowed the system to be infected and compromised.

End-users running on Windows Vista without elevated credentials would have prevented most malware infections from occurring, but even those users were readily exploited if they purposefully elevated themselves to install the rogue program.

Browser security tips

Instead of accusing one browser of being weaker than another, real-world testing has revealed that users should pick a browser that has the security features and functionality they desire, and implement the following suggestions.

Don't log on as admin or root when running an internet browser (or use UAC on Windows Vista, SU on Linux, etc.).

Make sure the browser, OS and all add-ons and plug-ins are fully patched.

Don't be tricked into running malicious code.

If unexpectedly prompted to install third-party software while browsing a site, open another tab and download the requested software directly from the software vendor's website.

Be careful about which add-ons and plug-ins you use. Many aren't secure, many are very insecure, and some are actually malware in disguise.

Browser findings

As expected, each browser had its fair share of security advantages and disadvantages. All of the browsers reviewed here, save Google Chrome, have had years to mature in response to previous malicious attacks. All of the browsers had SSL/TLS (Secure Sockets Layer/Transport Layer Security) support, anti-phishing filters, pop-up ad blocking, cross-site script (XSS) filtering, automated updates, private session browsing, and cookie handling. The following review summaries highlight their differences.

Share this article

X

Email this to a friend

Characters remaining: 337

What is A + B?

Comments

montse said: Succinct and to the point

RSebire said: All sites have vulnerabilities unless stated formally but the FBI therefore how can a browser be secure Java based code library and Python as such current form Net 1-Net2 and yes Net3 compatible allow all user to deengineer the HTML DHTML ect of the website even before the browsers is directed to it by DYnsThe only safe way of browsing the web is to use tried and test applications such as MSIE and Firefox remember Netscapethe newer generation promise a lot but have no credentials to support their claimsI prefer Firefox 3 with no script adblock and grease monkey as it allows me to use an firewall open NAT Port as software and internet based virus scanner a Peer guardian and an annomiser simultaneously - Thus 100 java executable code without malformations exploitsPlus i can chose how and what is displayed to me plus I know this might sound unpopular I do effectively disconnect around 50 countries from my internet and any of there productsSimple really

Ron said: Ha The most common complaint I see on my blog is - to put it politely - Chrome is an abomination I do prefer it with the profanity though Having tried this barely-formed foetus of a browser I have to agree

Si said: Surprise surprise that the author has nothing bad to say about IE8 despite it being in beta stage but can critique the other browsers But what do you expect when he works for MicrosoftPCA Are you seriously telling me that you couldnt find an impartial reviewer or do Microsoft sponsor you to put these up

Smart home- or wearable tech: which is more likely to benefit your digital life this year?

I'm more likely to buy smart home- than wearable tech this yearI'm more likely to buy wearable- than smart home tech this yearI'll probably buy both smart home- and wearable tech this yearI'm unlikely to buy smart home- or wearable tech this yearNot sure/don't know